Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Serious Yahoo bug discovered. Researchers rewarded with $12.50

From: coderman <coderman () gmail com>
Date: Thu, 3 Oct 2013 05:19:27 -0700
On Thu, Oct 3, 2013 at 3:21 AM, coderman <coderman () gmail com> wrote:

... i would pay money to never read about lame XSS on this list again...



ok, lame is too harsh; inaccurate.  as part of a larger campaign of
pwn, XSS can play part in a pandemic pounding of target host or
network.

better to say "routine XSS", which XSS certainly is.

 E.g.
"...we built a total of 181,238 unique exploit test cases,... these
[test cases] we were able to trigger our reporting function 69,987
times... [and] that the exploits triggered 8,163 unique
vulnerabilities."
  http://ben-stock.de/2013/09/summary-of-our-ccs-paper-on-dom-based-xss/


i've read 2,261 threads discussing XSS on this list.
 do we really need to discuss the remaining thousands?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: